#VU134 Memory corruption vulnerability in Microsoft products - CVE-2016-3281
Published: July 14, 2016 / Updated: February 3, 2017
Microsoft Office
Microsoft Office for macOS
Microsoft Word
Microsoft Word for macOS
Microsoft Office Web Apps
Word Automation Services on Microsoft SharePoint Server
Microsoft
Description
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to an unknown error in Microsoft Word. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a remote attacker to execute arbitrary commands, access files and perform any actions with privileges of the current user.
Remediation
To resolve this vulnerability vendor recommends installing the following updates:
Microsoft Office 2007
Microsoft Word 2007 Service Pack 3
Microsoft Office 2010
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT
Use Windows Update to obtain the patch.
Microsoft Office 2016
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
SharePoint Software
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010 Service Pack 2